We have our user folders set up in an "odd" way - everyone's main user drive is open to everyone, with the exception of a Private subfolder.
Right now I'm using a VBScript that kinda works (but doesn't do everything it's supposed to). I was wondering if there is some way to get this working in either PowerShell or Adaxes itself so that it can be automated and work correctly, as we're trying to automate as much of this process as we can (we sometimes get 30+ new hires in a matter of a few weeks for our peak season).
So the folder permissions should look like the following (and nobody wants to change this):
<fileserver>\users\<username> - Domain Users read/modify, Domain Admins read/modify, Backup Operators read (works as designed)
<fileserver>\users\<username>\Private - <username> read/modify, Domain Admins read/modify, Backup Operators read (Domain admins is here so we can place files here from backup or print PDFs of new login info). (works as designed)
<fileserver>\users\<username>\desktop.ini - Needs to be read only for Administrators so the display of <username> doesn't change to "My Documents" in Windows 7. (doesn't work - however if we manually make the file read only, it fixes this issue too, so that would work).
Here is my current script (I didn't write it):
Option Explicit
Dim WSHSHELL, FILESYS, WSHSHELLEXEC, USERDRIVE, COMMAND, USERLOC, SUBINACL, CURRENTDIR, WRITER

'Set Data
Set WSHSHELL = CreateObject("WScript.Shell")
Set FILESYS = CreateObject("Scripting.FileSystemObject")

'The user name is the only argument
If WScript.Arguments.Count = 0 Then
    WScript.Echo "Missing parameters"
    WScript.Quit
End If

USERDRIVE = WScript.Arguments(0)
'UNC paths start with two backslashes
USERLOC = "\\<fileserver>\USERS\" & USERDRIVE
SUBINACL = "\\<fileserver>\Users\subinacl.exe"

'Folder the script runs from (desktop.ini template lives here), with a trailing backslash
CURRENTDIR = FILESYS.GetParentFolderName(WScript.ScriptFullName)
If Not Right(CURRENTDIR, 1) = "\" Then
    CURRENTDIR = CURRENTDIR & "\"
End If

'Never touch an existing home folder
If FILESYS.FolderExists(USERLOC) Then
    WScript.Echo "This folder (" & USERDRIVE & ") currently exists. Please either archive or delete folder."
    WScript.Quit
End If

'Create user's home directory
FILESYS.CreateFolder(USERLOC)
'Create user's private folder
FILESYS.CreateFolder(USERLOC & "\Private")

'Set permissions
'Take ownership as Domain Admins first; wait for each step so the commands run in order
WRITER = "%COMSPEC% /C " & SUBINACL & " /subdirectories " & USERLOC & " /setowner=""<domain>\Domain Admins"""
COMMAND = WSHSHELL.Run(WRITER, 0, True)
WRITER = "%COMSPEC% /C " & SUBINACL & " /subdirectories " & USERLOC & "\*.* /setowner=""<domain>\Domain Admins"""
COMMAND = WSHSHELL.Run(WRITER, 0, True)

'Home folder ACL: the first CACLS call replaces the ACL, the /E calls add to it
WRITER = "%COMSPEC% /C ECHO Y|CACLS " & USERLOC & " /T /C /G " & USERDRIVE & ":C"
COMMAND = WSHSHELL.Run(WRITER, 0, True)
WRITER = "%COMSPEC% /C ECHO Y|CACLS " & USERLOC & " /T /C /E /G ""Backup Operators"":F"
COMMAND = WSHSHELL.Run(WRITER, 0, True)
WRITER = "%COMSPEC% /C ECHO Y|CACLS " & USERLOC & " /T /C /E /G ""Domain Admins"":F"
COMMAND = WSHSHELL.Run(WRITER, 0, True)
WRITER = "%COMSPEC% /C ECHO Y|CACLS " & USERLOC & " /T /C /E /G ""Domain Users"":C"
COMMAND = WSHSHELL.Run(WRITER, 0, True)
WRITER = "%COMSPEC% /C ECHO Y|CACLS " & USERLOC & " /T /C /E /G SYSTEM:F"
COMMAND = WSHSHELL.Run(WRITER, 0, True)

'Copy the desktop.ini template into the home folder
WRITER = "%COMSPEC% /C ECHO Y|XCOPY " & CURRENTDIR & "desktop.ini " & USERLOC
COMMAND = WSHSHELL.Run(WRITER, 0, True)

'Private folder ACL: same as above but without Domain Users
WRITER = "%COMSPEC% /C ECHO Y|CACLS " & USERLOC & "\Private /T /C /G " & USERDRIVE & ":C"
COMMAND = WSHSHELL.Run(WRITER, 0, True)
WRITER = "%COMSPEC% /C ECHO Y|CACLS " & USERLOC & "\Private /T /C /E /G ""Backup Operators"":F"
COMMAND = WSHSHELL.Run(WRITER, 0, True)
WRITER = "%COMSPEC% /C ECHO Y|CACLS " & USERLOC & "\Private /T /C /E /G ""Domain Admins"":F"
COMMAND = WSHSHELL.Run(WRITER, 0, True)
WRITER = "%COMSPEC% /C ECHO Y|CACLS " & USERLOC & "\Private /T /C /E /G SYSTEM:F"
COMMAND = WSHSHELL.Run(WRITER, 0, True)

'Hand ownership to the user ("""" closes the quote opened before <domain>)
WRITER = "%COMSPEC% /C " & SUBINACL & " /subdirectories " & USERLOC & " /setowner=""<domain>\" & USERDRIVE & """"
COMMAND = WSHSHELL.Run(WRITER, 0, True)
WRITER = "%COMSPEC% /C " & SUBINACL & " /subdirectories " & USERLOC & "\*.* /setowner=""<domain>\" & USERDRIVE & """"
COMMAND = WSHSHELL.Run(WRITER, 0, True)

'Deny read access to Administrators to desktop.ini to fix file display as My Documents instead of user name.
'USERLOC has no trailing backslash, so the separator has to be part of the file name here
WRITER = "%COMSPEC% /C " & SUBINACL & " /file " & USERLOC & "\desktop.ini /deny=""<domain>\Administrators""=R"
COMMAND = WSHSHELL.Run(WRITER, 0, True)

Set Writer = nothing
Set FILESYS = nothing
Set WSHShell = nothing
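
The folder layout listed in the post, built with PowerShell's own ACL cmdlets, as an added example that is not part of the original post and not Adaxes' own code. The parameter and function names are hypothetical, the SYSTEM entry is an assumption carried over from the posted script's CACLS lines, and ownership is left unchanged.

```powershell
# Added example: provisions one home folder with the ACL layout described in the post.
param(
    [Parameter(Mandatory)][string]$UserName,    # logon name of the new hire
    [Parameter(Mandatory)][string]$Domain,      # the post's <domain>
    [Parameter(Mandatory)][string]$UsersRoot,   # the post's <fileserver>\users share, as a UNC path
    [string]$DesktopIniTemplate                 # optional desktop.ini to copy in (assumption)
)
$ErrorActionPreference = 'Stop'

# One allow rule that is inherited by subfolders and files.
function New-Rule([string]$Identity, [string]$Rights) {
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, $Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
}

# Replace a folder's DACL with exactly the given rules and block inheritance,
# so nothing from the parent folder leaks into it.
function Set-ExplicitAcl([string]$Path, [object[]]$Rules) {
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)   # protected, inherited ACEs dropped
    foreach ($rule in $Rules) { $acl.AddAccessRule($rule) }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$userDir = Join-Path $UsersRoot $UserName
$private = Join-Path $userDir 'Private'
if (Test-Path -LiteralPath $userDir) {
    throw "Folder $userDir already exists. Archive or delete it first."
}
New-Item -ItemType Directory -Path $userDir, $private | Out-Null

# Entries shared by both folders ('Modify' includes read).
$common = @(
    (New-Rule "$Domain\Domain Admins"    'Modify'),
    (New-Rule 'BUILTIN\Backup Operators' 'ReadAndExecute'),
    (New-Rule 'NT AUTHORITY\SYSTEM'      'FullControl')    # assumption, see lead-in
)
# Home folder is open to Domain Users; Private only to the user.
Set-ExplicitAcl $userDir ($common + (New-Rule "$Domain\Domain Users" 'Modify'))
Set-ExplicitAcl $private ($common + (New-Rule "$Domain\$UserName"    'Modify'))

# The post notes that a read-only desktop.ini also fixes the display name.
if ($DesktopIniTemplate) {
    $ini = Join-Path $userDir 'desktop.ini'
    Copy-Item -LiteralPath $DesktopIniTemplate -Destination $ini
    Set-ItemProperty -LiteralPath $ini -Name IsReadOnly -Value $true
}
```

Because inheritance is blocked on `Private`, the Domain Users entry on the parent never reaches it, which is the separation the layout depends on.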